Roundcube Community Forum

Release Support => Pending Issues => Topic started by: TomHsiung on January 18, 2019, 08:37:48 AM

Title: Cannot login Roundcube dashboard
Post by: TomHsiung on January 18, 2019, 08:37:48 AM
Hello,

I can send email via Macintosh mail.app, via my self-hosted Postfix/Dovecot server, which has been confirmed by sending and receiving emails with email service providers.

I downloaded the latest Roundcube stable version and uploaded the script to the web directory. After browsing the .../installer directory, all required and optional prerequisites have been achieved.

However, when I tried to log in to the webmail, I got an error: connection-to-storage-server-failed.
Title: Re: Cannot login Roundcube dashboard
Post by: JohnDoh on January 19, 2019, 02:09:25 AM
That means Roundcube could not connect to your IMAP server. Check your Roundcube config. More details about the error may be available in the Roundcube error log.
Title: Re: Cannot login Roundcube dashboard
Post by: TomHsiung on January 19, 2019, 03:52:11 AM
Here is the error log:

Code:
[19-Jan-2019 16:47:58 +0800]: <tt3ij78l> IMAP Error: Login failed for username from x.x.x.x. Empty startup greeting (localhost:993) in /xxx/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 196 (POST /roundcubemail/?_task=login&_action=login)
When I test the SMTP function, I got:
Code:
[19-Jan-2019 17:00:14 Asia/Shanghai] ERROR: Invalid response code received from server (530)
Title: Re: Cannot login Roundcube dashboard
Post by: JohnDoh on January 19, 2019, 05:54:36 AM
"Empty startup greeting" is a TLS error. I see you are connecting to localhost:993. There is no need for TLS when connecting to localhost, and if you do want it you'll also need to disable certificate validation (see imap_conn_options). What have you set 'default_host' and 'default_port' to?
Title: Re: Cannot login Roundcube dashboard
Post by: TomHsiung on January 19, 2019, 06:26:06 AM
Default host
Code:
$config['default_host'] = 'tls://localhost';
Default port
Code:
$config['default_port'] = 993;
Title: Re: Cannot login Roundcube dashboard
Post by: TomHsiung on January 19, 2019, 06:37:30 AM
Quote
"Empty startup greeting" is a TLS error. I see you are connecting to localhost:993. There is no need for TLS when connecting to localhost, and if you do want it you'll also need to disable certificate validation (see imap_conn_options). What have you set 'default_host' and 'default_port' to?

Yep, it is not necessary to use a transport layer security mechanism. However, I want to make sure whether Roundcube supports transport layer security. Obviously my Macintosh Mail.app supports transport layer security. How about Roundcube webmail? If I use Roundcube webmail to connect to a remote email server, for instance, there is a need to use transport layer security. Thanks.

Tom
Title: Re: Cannot login Roundcube dashboard
Post by: JohnDoh on January 19, 2019, 09:37:40 AM
Roundcube supports TLS, yes. Try changing tls:// to ssl:// in your default_host config. See the answer here for more explanation: https://serverfault.com/questions/690200/roundcube-dovecot-ssl-errors-when-trying-to-log-in
Title: Re: Cannot login Roundcube dashboard
Post by: TomHsiung on January 20, 2019, 02:24:45 AM
For SMTP server.

When I tried ssl://, I got:
Code:
[20-Jan-2019 15:11:05 Asia/Shanghai] ERROR: fsockopen(): unable to connect to ssl://localhost:587 (Unknown error) (0)
[20-Jan-2019 15:11:05 Asia/Shanghai] ERROR: Failed to connect socket: fsockopen(): unable to connect to ssl://localhost:587 (Unknown error) ()

When I tried tls://, I got:
Code:
[20-Jan-2019 15:22:36 Asia/Shanghai] ERROR: Invalid response code received from server (530)
[20-Jan-2019 15:22:36 Asia/Shanghai] ERROR: Invalid response code received from server (530)
Title: Re: Cannot login Roundcube dashboard
Post by: TomHsiung on January 20, 2019, 02:43:39 AM
When I tried IMAPs for ssl://, I got:
Code:
[20-Jan-2019 15:38:52 Asia/Shanghai] PHP Deprecated:  idn_to_ascii(): INTL_IDNA_VARIANT_2003 is deprecated in x/x/x/test.php on line 416
[20-Jan-2019 15:38:52 Asia/Shanghai] PHP Deprecated:  idn_to_ascii(): INTL_IDNA_VARIANT_2003 is deprecated in x/x/x/test.php on line 417
Title: Re: Cannot login Roundcube dashboard
Post by: JohnDoh on January 20, 2019, 06:16:56 AM
Quote
[20-Jan-2019 15:11:05 Asia/Shanghai] ERROR: fsockopen(): unable to connect to ssl://localhost:587 (Unknown error) (0)
Did you disable certificate verification? See smtp_conn_options.

Quote
[20-Jan-2019 15:38:52 Asia/Shanghai] PHP Deprecated:  idn_to_ascii(): INTL_IDNA_VARIANT_2003 is deprecated in x/x/x/test.php on line 416
Fixed in version 1.3.4, see https://github.com/roundcube/roundcubemail/issues/6075
Title: Re: Cannot login Roundcube dashboard
Post by: TomHsiung on January 22, 2019, 04:21:02 AM
I think it is safe to enable transport layer security (asymmetrical encryption). So I have to enable the certificate verification (public key).

Tom
Title: Re: Cannot login Roundcube dashboard
Post by: TomHsiung on February 03, 2019, 09:58:56 AM
Quote
Did you disable certificate verification? see smtp_conn_options

If the certificate verification is disabled, what difference will it make?
Title: Re: Cannot login Roundcube dashboard
Post by: JohnDoh on February 04, 2019, 05:38:30 AM
Anyone can create a self-signed cert for any common name (CN). Certificate validation checks the Certificate Authority (CA) which issued the certificate to see that it's valid. Because self-signed certs are not signed by a known CA, they will fail validation. If you are using self-signed certs or certs from an unknown CA, then using imap/smtp_conn_options you can disable the verification to allow the connection to be established. Or, rather than disabling verification, you can also configure the CA information to allow OpenSSL (the underlying lib) to verify the certificate. There are comments in defaults.inc.php with more info.
Title: Re: Cannot login Roundcube dashboard
Post by: TomHsiung on February 05, 2019, 09:47:26 AM
I do use self-assigned keys. But, my email client (for example, the Mac mail.app) is able to access my mail server, with certificate enabled.

It sounds like it is not an issue of the transport layer security itself. It's about the keys, for which Roundcube requires a key assigned by a CA company. If I disable the verification, does the transport layer security mechanism still work?

Tom
Title: Re: Cannot login Roundcube dashboard
Post by: TomHsiung on February 05, 2019, 10:25:46 AM
And I tried:

Code:
$config['imap_conn_options'] = FALSE;
$config['smtp_conn_options'] = FALSE;

Does not work.

Code:
$config['imap_conn_options'] = false;
$config['smtp_conn_options'] = false;

Does not work.

Code:
$config['imap_conn_options'] = null;
$config['smtp_conn_options'] = null;

Does not work either.

======After reading some online references======

It should be:

Code:
$config['imap_conn_options'] = array(
    'ssl' => array(
        'verify_peer'      => false,
        'verify_peer_name' => false,
    ),
);

$config['smtp_conn_options'] = array(
    'ssl' => array(
        'verify_peer'      => false,
        'verify_peer_name' => false,
    ),
);

And now I can log in to the dashboard.
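
Added example (not part of the original posts and not Roundcube's own code): the alternative JohnDoh describes above, keeping verification on and giving OpenSSL the self-signed certificate to trust, with a small command-line probe that opens the IMAPS port using the same options. The cafile path and the peer_name value are assumptions to be replaced with your own; the probe's second call uses the settings posted above to show that the connection is still TLS-encrypted with verification off, but the server's identity is no longer checked.

```php
<?php
// Added example. Assumed values: the cafile path and the peer_name below.
// 'cafile' is the server's self-signed certificate (or the private CA that
// signed it). 'peer_name' is the name inside that certificate, needed when
// Roundcube connects to "localhost" and the certificate does not list it.
$verified = array(
    'ssl' => array(
        'verify_peer'      => true,
        'verify_peer_name' => true,
        'cafile'           => '/etc/ssl/mail/mail-cert.pem', // assumed path
        'peer_name'        => 'mail.example.com',            // assumed name
    ),
);

// These two assignments are what would go into config.inc.php.
$config['imap_conn_options'] = $verified;
$config['smtp_conn_options'] = $verified;

// Probe: open an implicit-TLS connection (ssl://, as used for port 993)
// with the given context options; return the greeting or the TLS error.
function probe_imaps($host, $port, array $options)
{
    $ctx = stream_context_create($options);
    $fp  = @stream_socket_client("ssl://$host:$port", $errno, $errstr, 10,
                                 STREAM_CLIENT_CONNECT, $ctx);
    if ($fp === false) {
        // Handshake failures often leave $errstr empty; the PHP warning has the detail.
        $last = error_get_last();
        $why  = !empty($errstr) ? $errstr : ($last ? $last['message'] : 'unknown error');
        return 'FAIL: ' . $why;
    }
    $greeting = trim((string) fgets($fp, 512));
    fclose($fp);
    return 'OK: ' . $greeting;
}

// Run from the command line on the webmail host.
if (PHP_SAPI === 'cli') {
    echo 'verification on:  ', probe_imaps('localhost', 993, $config['imap_conn_options']), "\n";
    // The settings from the post above, for comparison: the session is still
    // encrypted, but any certificate is accepted, so the peer is unauthenticated.
    $unverified = array('ssl' => array('verify_peer' => false, 'verify_peer_name' => false));
    echo 'verification off: ', probe_imaps('localhost', 993, $unverified), "\n";
}
```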
Title: Re: Cannot login Roundcube dashboard
Post by: TomHsiung on February 16, 2019, 08:16:19 AM
Unfortunately, I encountered a new issue when I tried to send email via the webmail. Note that the desktop email client, Macintosh Mail.app, worked well.

This error:

Code:
SMTP Error (530): Failed to set sender "xxx@xxx.com" (5.7.0 Must issue a STARTTLS command first).
Tom
Title: Re: Cannot login Roundcube dashboard
Post by: JohnDoh on February 16, 2019, 09:22:08 AM
Perhaps the same as this? https://github.com/roundcube/roundcubemail/issues/4590 Maybe you need to the smtp auth settings. If it's not that, then what config do you have in $config['smtp_server'] and $config['smtp_port']?
Title: Re: Cannot login Roundcube dashboard
Post by: TomHsiung on February 17, 2019, 01:13:49 AM
It's solved by adding to config.inc.php

Code:
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';

However, this raises a safety concern. Is it secure to add these two lines?

Tom
Title: Re: Cannot login Roundcube dashboard
Post by: JohnDoh on February 17, 2019, 02:53:13 AM
Quote
However, this raises a safety concern.
What concern?
Title: Re: Cannot login Roundcube dashboard
Post by: TomHsiung on February 18, 2019, 10:40:53 AM
Quote
However, this raises a safety concern.
What concern?

That is, would these two lines cause security flaws, or reduce the effect of TLS? Thanks.

Tom
Title: Re: Cannot login Roundcube dashboard
Post by: JohnDoh on February 20, 2019, 02:52:28 AM
The options have nothing to do with TLS. SMTP login is done during transaction time, after the TLS connection is established. It's a similar process to how Roundcube logs in to your IMAP server.